emacs

mirror of https://git.savannah.gnu.org/git/emacs.git synced 2024-12-16 09:50:25 +00:00

History

Paul Eggert 007744dd04 Redo emacsclient socket symlink-attack checking * admin/merge-gnulib (GNULIB_MODULES): Add file-has-acl. * lib/file-has-acl.c: New file, copied from Gnulib. * lib/gnulib.mk.in, m4/gnulib-comp.m4: Regenerate. * lib-src/emacsclient.c: Include acl.h, for file_has_acl. (O_PATH): Default to O_SEARCH, which is good enough here. (union local_sockaddr): New type. (socket_status): Remove, replacing with ... (connect_socket): New function. All callers changed. This function checks for ownership and permissions issues with the parent directory of the socket file, instead of checking the owner of the socket (which does not help security). (socknamesize): Move to file scope. (local_sockname): New arg S. No need to pass socknamesize. UID arg is now uid_t. All callers changed. Get file descriptor of parent directory of socket, to foil some symlink attacks. Do not follow symlinks to that directory. (set_local_socket): Create the socket here instead of on each attempt to connect it. Fall back from XDG_RUNTIME_DIR to /tmp only if the former fails due to ENOENT. Adjust permission-failure diagnostic to match changed behavior. This addresses Bug#33847, which complained about emacsclient in a safer XDG environment not connecting to an Emacs server running in a less-safe enviroment outside XDG. The patch fixes a longstanding issue with emacsclient permission checking. It’s ineffective to look at the permission of the socket file itself; on some platforms, these permissions are ignored anyway. What matters are the permissions on the parent directory of the socket file, as these are what make symlink attacks possible. Change the permissions check accordingly, and also refuse to follow symlinks to that parent directory. These changes make it OK for emacsclient to fall back from XDG_RUNTIME_DIR to the traditionally less-safe /tmp/emacsNNNN directories, since /tmp is universally sticky nowadays.		2021-07-23 13:33:37 +02:00
..
charsets	Base the "extraclean" Make rule on "maintainer-clean"	2021-05-09 18:14:12 -07:00
coccinelle
grammars	Base the "extraclean" Make rule on "maintainer-clean"	2021-05-09 18:14:12 -07:00
notes	; * admin/notes/years: Mention that etags test files need to be updated.	2021-05-17 19:33:40 +03:00
nt	Remove support for 32 bit build	2021-01-15 21:37:25 +00:00
unidata	Base the "extraclean" Make rule on "maintainer-clean"	2021-05-09 18:14:12 -07:00
admin.el	Merge from origin/emacs-27	2021-03-29 08:26:25 -07:00
alloc-colors.c
authors.el	* admin/*.el: Use lexical-binding	2021-01-31 18:00:39 -05:00
automerge
build-configs
ChangeLog.1
check-doc-strings	Fix admin/check-doc-strings for new DEFUN format	2021-02-16 05:26:44 +01:00
CPP-DEFINES	; * admin/CPP-DEFINES: Remove unused defines.	2021-02-17 11:08:27 -08:00
cus-test.el	Run admin/cus-tests.el tests from test suite	2021-02-21 20:20:40 +01:00
diff-tar-files
emake	Fix previous admin/emake change	2021-05-28 03:04:57 +02:00
find-gc.el	* admin/*.el: Use lexical-binding	2021-01-31 18:00:39 -05:00
gitmerge.el	; Minor license statement fixes	2021-02-08 09:10:57 +01:00
last-chance.el
MAINTAINERS	; * admin/MAINTAINERS: Tabify last change.	2021-04-06 18:27:04 +02:00
make-emacs
make-manuals
make-tarball.txt	Merge from origin/emacs-27	2021-05-04 07:50:25 -07:00
merge-gnulib	Redo emacsclient socket symlink-attack checking	2021-07-23 13:33:37 +02:00
merge-pkg-config
quick-install-emacs
README
release-process
update_autogen	Don't version-control generated file `grammat-wy.el`	2021-04-12 22:10:38 -04:00
update-copyright
upload-manuals

README

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Copyright (C) 2001-2021 Free Software Foundation, Inc.
See the end of the file for license conditions.


			 The admin directory

This directory contains scripts and other things useful for developing
and maintaining Emacs.  These files are not part of Emacs releases
because they are not deemed generally useful, and you have to know
what you do when using them.


* Instructions and scripts used to prepare an Emacs release.

** release-process

The release process used by GNU Emacs.

** make-tarball.txt

Instructions to create pretest or release tarballs, announcements, etc.

** admin.el

Utilities for setting version numbers and alike.


* Scripts that can be used to build and test Emacs.

** build-configs

Build Emacs in various configurations.

** make-emacs

Build Emacs in various ways.

** quick-install-emacs

Install emacs quickly ("incrementally").

** alloc-colors.c

A utility program that allocates a given number of colors on X.  Can
be used to debug Emacs with dense colormaps (PseudoColor).

** check-doc-strings

Check doc strings against documentation.

** cus-test.el

Tests for custom types and load problems.

** diff-tar-files

Show files added/removed between two tar files.


Brief description of sub-directories:

charsets		scripts for generating charset map files
			in ../etc/charsets
unidata			scripts for generating character property files
			in ../lisp/international


This file is part of GNU Emacs.

GNU Emacs is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

GNU Emacs is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.

Local variables:
mode: outline
paragraph-separate: "[ 	]*$"
end:

README Unescape Escape

README